a. Role-based access controls within the application that accurately map required access permissions to job function.
For an added bonus, include monitoring/alerting at the data tier for any use of dynamic queries. This will detect an attacker who has, for example, managed to bypass the application and query the database directly.
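The data-tier monitoring suggested above, as an added example that is not part of the original text: a small detector run over constructed, PostgreSQL-style log lines (the format is a simplified assumption, and the user names and statements are made up). Statements issued through the extended protocol with bound parameters appear as `execute ...: ... $1`, while text queries with literals spliced directly into the SQL appear as `statement: ...`; the detector flags the latter when they carry inline literals, which is the signature of a dynamic query or of someone querying the database by hand.

```python
import re

# Constructed sample log lines in a simplified PostgreSQL-like layout (assumption, not real output).
SAMPLE_LOG = """\
2024-05-01 10:00:01 UTC [app_user] LOG: execute <unnamed>: SELECT id FROM users WHERE username = $1 AND password = $2
2024-05-01 10:00:02 UTC [app_user] LOG: statement: SELECT * FROM customers WHERE region = 'EMEA' OR '1'='1'
2024-05-01 10:00:03 UTC [app_user] LOG: statement: SELECT count(*) FROM orders
2024-05-01 10:00:04 UTC [analyst] LOG: statement: SELECT * FROM customers WHERE id = 42
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<user>[^\]]+)\] LOG: (?P<kind>execute <[^>]*>|statement): (?P<sql>.*)$"
)
# Inline string literal, or a comparison against a bare number: both mean values were
# concatenated into the SQL text instead of being bound as parameters.
LITERAL_RE = re.compile(r"'[^']*'|[=<>]\s*\d+\b")


def parse_line(line):
    """Return a dict with ts, user, kind and sql for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_dynamic(entry):
    """A statement is considered dynamic when it was sent as plain text and embeds literals."""
    return entry["kind"] == "statement" and LITERAL_RE.search(entry["sql"]) is not None


def find_dynamic_queries(log_text):
    """Return (user, sql) for every log line that looks like a dynamic query."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_dynamic(entry):
            hits.append((entry["user"], entry["sql"]))
    return hits


if __name__ == "__main__":
    for user, sql in find_dynamic_queries(SAMPLE_LOG):
        print(f"ALERT dynamic query by {user}: {sql}")
```

In practice the alert would be raised by the log shipper or SIEM rather than a script, and the allow-list would be tuned per application user: an application that only ever uses prepared statements should produce zero `statement:` entries with literals, so any hit from its account is worth a look.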
SQL injection vulnerabilities occur when application code contains dynamic database queries which directly include user supplied input. This is a devastating form of attack and BSI Penetration Testers regularly find vulnerable applications that allow complete authentication bypass and extraction of the entire database.
a. Avoid the use of dynamic queries within applications. Use of prepared statements with parametrised queries will stop SQL injection.
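The difference between a dynamic query and a prepared statement with parametrised values, shown side by side as an added example (not code from the original page). It uses Python's built-in `sqlite3` module against a constructed in-memory table; the table, rows and function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with two sample users (passwords stored in clear only to keep the demo short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_dynamic(conn, username, password):
    """Vulnerable: user input is concatenated straight into the SQL text."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parametrised(conn, username, password):
    """Fixed: placeholders are filled by the driver, so input is always treated as data."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def compare(username, password):
    """Run both variants on the same input and return the number of rows each matched."""
    conn = make_db()
    return {
        "dynamic": len(login_dynamic(conn, username, password)),
        "parametrised": len(login_parametrised(conn, username, password)),
    }


if __name__ == "__main__":
    print(compare("alice", "s3cret"))            # both variants match one row
    print(compare("alice", "' OR '1'='1"))       # dynamic matches every row, parametrised matches none
```

With the parametrised version the quote characters never reach the SQL parser as syntax, so the only way to match a row is to know the real credentials; no amount of input escaping in the application is needed because the driver does the binding.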
a. All backups should be encrypted to protect the confidentiality and integrity of the data, and this must include proper key management. Keys must not fall into the wrong hands but must be available when needed to restore data.
a. Implement brute force controls such as account lockout after a set number of invalid attempts. Use password blacklisting to prevent users choosing common passwords.
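The two controls in this item, account lockout after a set number of invalid attempts and a password blacklist, combined in one small account store as an added example (not the original page's code). The threshold, lockout duration and blacklist entries are constructed values; a clock function is injected so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

# Constructed values for the demo; real deployments tune these and load a full blacklist.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "hunter2"}
MAX_FAILED = 5          # consecutive failures before lockout
LOCKOUT_SECONDS = 900   # lockout duration


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class AccountStore:
    def __init__(self, now=time.time):
        self.now = now          # injectable clock, used by the tests
        self.accounts = {}

    def register(self, username, password):
        """Reject blacklisted passwords before they are ever stored."""
        if password.lower() in COMMON_PASSWORDS:
            raise ValueError("password is on the blacklist")
        salt, digest = hash_password(password)
        self.accounts[username] = {"salt": salt, "hash": digest,
                                   "failed": 0, "locked_until": 0.0}

    def authenticate(self, username, password):
        """Return 'ok', 'invalid' or 'locked'; the same 'invalid' is used for unknown users."""
        acct = self.accounts.get(username)
        if acct is None:
            return "invalid"
        if self.now() < acct["locked_until"]:
            return "locked"                     # no check of the password while locked
        _, digest = hash_password(password, acct["salt"])
        if hmac.compare_digest(digest, acct["hash"]):
            acct["failed"] = 0                  # success resets the counter
            return "ok"
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED:
            acct["locked_until"] = self.now() + LOCKOUT_SECONDS
            acct["failed"] = 0
            return "locked"
        return "invalid"


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery")
    print(store.authenticate("alice", "correct horse battery"))   # ok
```

Note that the lockout is checked before the password is verified, so a locked account gives no signal about whether a guess was right, and the counter only resets on a genuine success. A production system would also log each lockout event and alert on many lockouts across accounts in a short window, which is the pattern of a password-spraying attempt.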
Users may abuse legitimate data access privileges for unauthorised purposes. For example, a user in sales with privileges to view individual customer records may abuse that privilege to retrieve all customer records to pass to a competitor.
A database is a key resource for businesses, often containing sensitive information about customers or clients. Therefore, cybercriminals recognize their value and will attempt to hack into them. They may do so through guessing default or weak passwords, using packet sniffers to intercept network traffic, launching a SQL injection to "trick" the database or gaining access through an employee with too many privileges.
And, speaking of access permissions, controlling the level of access that internal employees have to information is another good way to protect database information. Data access should be granted to the fewest number of people possible that are needed to perform the work-related tasks. You can also set up a database to provide temporary credentials when user access is necessary, keeping things locked down tightly in the meantime.
Perhaps the simplest step in protecting a database is ensuring that not only are default log-in credentials changed but that they are changed to complex passwords that will be difficult for cybercriminals to guess. Better yet, routine, mandatory password changes can further safeguard sensitive data.
It works by inserting SQL query statements into website input fields, which causes the web application to send an unintended request to the database. Once this happens, the cybercriminal is able to run additional queries to manipulate the database and expose its contents.
One of the most basic lines of defense against any type of hacking is to ensure security patching is a regular staple of your company's security program. This means keeping current on updates to operating systems, programs and applications. Manufacturers regularly release patches to known vulnerabilities that cybercriminals may try to exploit. Installing these patches can further safeguard your databases.
Protecting a database starts with strong passwords that are changed regularly, a robust security patching system to safeguard against exploited vulnerabilities, encryption techniques, security hardware such as a firewall, and limiting access to the minimum number of individuals.
Firewalls can help protect a database by blocking any traffic trying to reach it from unspecified sources. That means you could block external traffic completely and restrict internal traffic so that it is allowed only from those users with appropriate access permissions.